API Keys

Anon and Service Role keys, usage, and security.

Types

  • Anon: Browser-safe key when Row Level Security (RLS) is enabled.
  • Service Role: Full access, server-only. Never expose to clients.

Get keys

Dashboard → Project Settings → API Keys. Keys are auto-generated on project creation.

GET /v1/dashboard/projects/:id/api-keys
Authorization: Bearer <dashboard_token>

Client config endpoint

GET /v1/dashboard/projects/:id/client-config

Response:
{
  "data": {
    "url": "https://api.hirall.com",
    "endpoints": { "api": "...", "auth": "..." },
    "keys": { "anon": "ak_...", "service_role": "sk_..." },
    "env": {
      "client": { "HIRALL_URL": "...", "HIRALL_ANON_KEY": "..." },
      "server": { "HIRALL_SERVICE_ROLE_KEY": "..." }
    }
  }
}

Best practices

  • Do not commit keys to git. Use environment variables.
  • Rotate keys periodically and on compromise.
  • Enforce RLS for all tables when using anon keys.
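
The following is an added example, not code from the Hirall project. It splits the env block of a client-config response into client and server dotenv text, and scans files for service-role keys before they are committed or shipped to a browser. The key format beyond the sk_ prefix, the sample key values, and the file paths web/.env and server/.env are assumptions.

```python
import re

# Assumption: a service-role key is "sk_" plus 16+ URL-safe characters. Only
# the "sk_" prefix comes from the page; length and alphabet are guesses.
SERVICE_KEY_RE = re.compile(r"\bsk_[A-Za-z0-9_-]{16,}")

# Constructed sample shaped like the client-config response (placeholder keys).
SAMPLE_CONFIG = {"data": {
    "url": "https://api.hirall.com",
    "env": {
        "client": {"HIRALL_URL": "https://api.hirall.com",
                   "HIRALL_ANON_KEY": "ak_EXAMPLEanon0000000000"},
        "server": {"HIRALL_SERVICE_ROLE_KEY": "sk_EXAMPLEservice000000"},
    },
}}


def find_service_keys(text):
    """Return (line_number, redacted_key) for each service-role key in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in SERVICE_KEY_RE.finditer(line):
            hits.append((lineno, match.group()[:6] + "..."))  # never echo the key
    return hits


def render_env_files(config):
    """Split the response's env block into client and server dotenv text."""
    env = config["data"]["env"]
    client = "".join(f"{k}={v}\n" for k, v in env["client"].items())
    server = "".join(f"{k}={v}\n" for k, v in env["server"].items())
    if find_service_keys(client):
        raise ValueError("service-role key in client env; refusing to render")
    return client, server


def check_files(files):
    """files maps path -> text (staged files or a browser bundle)."""
    report = {path: find_service_keys(text) for path, text in files.items()}
    return {path: hits for path, hits in report.items() if hits}


if __name__ == "__main__":
    client_env, server_env = render_env_files(SAMPLE_CONFIG)
    staged = {"web/.env": client_env, "server/.env": server_env}  # hypothetical paths
    for path, hits in check_files(staged).items():
        print(f"{path}: service-role key on line(s) {[n for n, _ in hits]}")
```

Run as a pre-commit check, any non-empty result from check_files should block the commit; a key that has already been committed should be rotated.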